« List of all CVEs

CVE-2025-4598

Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump

Published: 5/30/2025 Last updated: 12/8/2025 Reserved: 5/12/2025

A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 4.7 Medium CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Opam packages affected (29)

albatross cdrom conf-bpftool conf-libbpf conf-libudev conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes ocaml-systemd orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (26)

Product Vendor Version
Red Hat Insights proxy 1.5 Red Hat n/a
Red Hat Insights proxy 1.5 Red Hat 4.6.2 on Windows 10 for 32-bit Systems
Red Hat Enterprise Linux 7 Red Hat 10.60, 10.61, 10.62
Red Hat Enterprise Linux 10 Red Hat Snapdragon 212 Mobile Platform
Red Hat Enterprise Linux 10 Red Hat Windows 10 Version 1803 for x64-based Systems
Red Hat Enterprise Linux 9 Red Hat SA8255P
Red Hat Enterprise Linux 7 Red Hat 4.6.2 on Windows 10 for x64-based Systems
Red Hat Enterprise Linux 9 Red Hat 2.00 firmware version 2.00
Red Hat OpenShift Container Platform 4 Red Hat Windows Server 2012
Red Hat OpenShift Container Platform 4 Red Hat n/a
Red Hat Enterprise Linux 10 Red Hat < 2024 R1
Red Hat Enterprise Linux 10 Red Hat < c01ed748847fe8b810d86efc229b9e6c7fafa01e
Red Hat OpenShift Container Platform 4 Red Hat 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems
Red Hat Enterprise Linux 9 Red Hat < 18d5fc3c16cc317bd0e5f5dabe0660df415cadb7
Red Hat Enterprise Linux 9 Red Hat Windows 10 Version 1803 for 32-bit Systems
Red Hat Enterprise Linux 9 Red Hat 4203722d51afe3d239e03f15cc73efdf023a7103
Red Hat Enterprise Linux 10 Red Hat SA8195P
Red Hat Enterprise Linux 10 Red Hat Windows Server 2016
Red Hat Enterprise Linux 9 Red Hat SA8155P
Red Hat Enterprise Linux 7 Red Hat n/a
Red Hat Enterprise Linux 8 Red Hat 6.5
Red Hat Enterprise Linux 7 Red Hat Snapdragon 4 Gen 1 Mobile Platform
Red Hat Enterprise Linux 8 Red Hat < 5c43d0041e3a05c6c41c318b759fff16d2384596
Red Hat OpenShift Container Platform 4 Red Hat < 6.5
d51d2eeae4ce54d542909c4d9d07bf371a78592c
Snapdragon 210 Processor

References (26)